Information
Equipo Nizkor
        Bookshop | Donate
Derechos | Equipo Nizkor       

01Mar1998


Big Brother in the Wires: Wiretapping in the Digital Age


Back to top

Table of Contents

Executive Summary
Introduction
Electronic surveillance is inconsistent with a free society
The Clinton Administration's anti-privacy position
What the framers had in mind when they adopted the fourth amendment
Non-key recovery systems are not detrimental to law enforcement
Key recovery systems will increase computer-related crime
Conclusion and recommendations
Notes


Executive Summary

A struggle over cryptography policy is now taking place in the higher echelons of government, science and industry. Its outcome will have far reaching and possibly irrevocable consequences for every Americans' right to privacy. Yet the public has been kept largely in the dark. No one has asked the American people if they want Big Brother permanently hardwired into the country's communications infrastructure, and that is what will happen if the Clinton Administration has its way.

Cryptography provides an envelope, seal and signature for otherwise unprotected electronic communications, including telephone conversations, FAX messages, e-mail, fund transfers, trade secrets and health records. Without strong encryption, there will be no way to protect private communications from snooping, whether by the government, by business competitors, by terrorists, or by nosy neighbors, hackers and thieves. The ACLU therefore supports the free and unfettered development, production and use of the strongest possible encryption technology.

The Clinton Administration, however, has consistently pushed for significant curbs on our ability to use cryptography to protect electronic privacy. It claims that without access to the keys of all encrypted messages, its "ability to fight crime and prevent terrorism" will be "devastated." But in fact, in the past decade, 83 percent of all wiretaps and other forms of government surveillance have been authorized in connection with vice crimes like gambling and drug offenses. The Administration is using scare tactics to acquire vast new powers to spy on all Americans.

The government's own records show that electronic surveillance is of marginal utility in preventing or solving serious crimes. It did not, for example, stop or lead to the apprehension of the Unabomber, Timothy McVeigh, or the World Trade Center bombers. Those crimes were solved by good detective work. Serious crimes of violence, including terrorist crimes, are almost never the targets of electronic surveillance. Electronic surveillance does, however, lead to violations of the privacy rights of vast numbers of innocent Americans. According to the government's own statistics, 2.2 million conversations were intercepted in 1996, of which 1.7 million were deemed innocent by prosecutors.

Today's debate over cryptography offers the nation an opportunity to confront the issue of electronic surveillance anew. The ACLU believes that electronic surveillance is absolutely inconsistent with a free society. Free citizens must have the ability to conduct instantaneous, direct, spontaneous and private communication using whatever technology is available. Without the assurance that private communications are, indeed, private, habits based upon fear and insecurity will gradually replace habits of freedom.

Introduction

The debate about the role of electronic surveillance in our democracy is as old as the telephone. But today, the debate has taken on new urgency. Revolutionary changes in our communications infrastructure, brought about by the amazing growth of the Internet and the ever-increasing digitization of information, pose unprecedented threats to personal security and privacy. An increasing amount of sensitive information is now circulating in electronic form, including telephone conversations, FAX messages, electronic mail, fund transfers, trade secrets and health records. The same technological advances that have brought enormous benefits to humankind also make us more vulnerable than ever before to unwanted and potentially dangerous snooping – by governments, by business competitors, by terrorists, by nosy neighbors, by hackers, and by thieves. |1|

The solution to this problem is cryptography – the science of secret writing and codes – that has been used to protect the security of communications for thousands of years. |2| Essentially, cryptography enables the encoding of information so that only the intended recipient has the ability to understand its meaning. Once in the exclusive province of governments, cryptography has now been embraced by scientists, computer users and the communications industry as the best way to protect the privacy and security of electronically transmitted information. In this context, encryption runs a readable message through a computer software program that translates it into unreadable "ciphertext." In order to decode, or decrypt, the message, one must have the "key."

How Does Cryptography Work?

Computers generally transmit data in strings of 1's and 0's that are not apparent to most users. Encryption software and hardware programs scramble these numbers using an algorithm or mathematical formula that can be re-converted only with the proper formula or the "key." Thus, only an authorized person with the secret key can convert a scrambled message back to its original state or readable form.

The strength of encryption against interception and conversion by unintended recipients generally depends on the length of the formula or "key" that is required to decrypt the data. This key is measured by its "bit length" and generally, the longer the key and its bit length – the stronger it is. Thus, a 56 bit length key – which is considered weak – could take seconds for a hacker or thief to decode, whereas a 128 bit length key – which is exponentially stronger – could be impossible to decode in a lifetime.

Cryptography holds the potential for allowing the continued growth of the Internet, digital commerce, and democracy around the world by protecting the integrity of communications from unauthorized access and abuse. Encryption protects:

  • voice communications, such as cell phone conversations, by scrambling signals so that eavesdroppers cannot understand the content of the message;
  • ATM transactions, by protecting your password so that others may not access your financial information;
  • E-mail, so that your messages go only to the intended recipients and not to every other computer user.

Cryptography's increasing use and popularity in the private sector has led to a predictable response by the government: a demand for access to the keys. Citing vague threats to safety and national security, the Clinton Administration has for several years demanded that industry provide it with backdoor access to the country's information infrastructure. As a result of this tension, a struggle over cryptography policy is now taking place in the higher echelons of government, science and industry. Professor Kenneth W. Dam, who chaired the National Research Council's Committee to Study National Cryptography Policy, has warned that "a policy crisis is upon the nation" because of the lack of consensus over cryptography. |3|

Professor Dam's warning takes on greater urgency today. On one side of this policy impasse are the law enforcement and national security agencies – the Justice Department, the FBI, the National Security Council, the Drug Enforcement Administration, and many state and local law enforcement organizations. On the other side are the communications industry, the country's leading cryptographers and computer scientists, and privacy and civil liberties advocates.

What Cryptography Can Do

Cryptography provides an envelope, seal and signature for otherwise unprotected electronic communications.

It accomplishes four essential tasks necessary to both business and individual privacy:

1. Ensuring the integrity of data. Cryptography can detect deliberate or accidental alterations in digital messages.

2. Authentication of users. Cryptography can establish and verify the identity of a party to a communication.

3. Nonrepudiation. Cryptography protects against impersonation and denial of creation by making it impossible for a party to a communication to later deny he or she sent it.

4. Preservation of confidentiality. Cryptography can protect against others gaining access to private communications.

The main arena for this struggle is the U.S. Congress, where a plethora of bills have been, and are being, considered. For the most part, members of the general public have no inkling as to what is going on or what is at stake. No one has asked them whether or not they want Big Brother permanently hardwired into the country's communications infrastructure. And although claims have been made by various government officials that the proliferation of non-key recovery encryption will "devastate our ability to fight crime and prevent terrorism," |4| the evidence about how wiretapping has been used over the past 30 years does not support that apocalyptic assertion. No one has demonstrated convincingly that the only or even the best way to protect ourselves is by creating the apparatus for constant, universal government surveillance. In fact, the government is using scare tactics to take this opportunity to acquire vast powers to spy on all Americans.

This report examines one critical aspect of this extraordinarily complex issue: the grave threats to personal privacy posed by the current Administration position on cryptography. If the President has his way, new technology will make possible a much more intrusive and omniscient level of surveillance than has ever before been possible. In the pre-digital era, the cost of labor intensive wiretaps, conducted by human agents listening to conversations and then transcribing them, functioned to some extent as an economic deterrent to wide scale wiretapping. Digital wiretapping, on the other hand, means massive scanning of thousands of conversations by computers programmed to look for digital representations of key words, like "drugs," "bombs," "civil rights," "Republicans," or "Democrats." Obviously the potential for abuse is thereby magnified many-fold.

The debate over cryptography must be viewed as part of a larger set of issues concerning the power and authority of government to conduct surveillance in the digital age. In recent years, law enforcement agencies have engaged in surreptitious surveillance, such as wiretapping, on a far greater scale than ever before. Today the government's control of encryption, through restrictions on its strength and demands for access to decoding "keys," is the lynch pin of a new and unparalleled era of wiretapping.

Electronic surveillance is inconsistent with a free society

The cryptography debate offers the nation an opportunity to confront the issue of electronic surveillance anew. If we do not do so in a fully informed and careful way, there will be no limit to the sweep of new technological opportunities for total surveillance potential. Without the right to strong, non-key recovery encryption, the black strips on the backs of our credit, cash and identity cards, the electronic keys being distributed by gasoline companies to enable the purchase of gas with the wave of a wand, the E-Z passes for paying tolls electronically, and the imminent arrival of compact digital cell phones that also function as computers, e-mailers and pagers, will all be vulnerable to both governmental and nongovernmental spying, both authorized and unauthorized.

The American Civil Liberties Union has historically opposed all forms of electronic surveillance by the government, and therefore supports the free and unfettered development, production and distribution of the strongest possible encryption technology. Electronic surveillance, whether through bugging devices, wiretaps, or ready access to encryption keys, is fundamentally at odds with personal privacy. It is the worst sort of general search, which necessarily captures not only the communications of its specific targets, but those of countless others who happen to come in contact with the targets or use the same lines. Free citizens must have the ability to conduct direct, instantaneous, spontaneous and private communication using whatever technology is available. Without the knowledge and assurance that private communications are, indeed, private, habits based upon fear and insecurity will gradually replace habits of freedom.

The right to privacy has already been severely compromised in this country. Telephones have been tapped by police at least since 1895, and in the past century there has been a constant tug of war between the government's impulse to eavesdrop and the public's desire to resist further encroachments. Although its powers have been limited by both statute and court decision, for all practical purposes the government has prevailed in this struggle. According to statistics compiled by the Administrative Office of the U.S. Courts, surreptitious government surveillance is now at record levels. |5| From 1985 to 1995, more than 12 million conversations were intercepted through law enforcement wiretaps, and all but a relative handful were completely innocent (in 1995 alone, nearly two million innocent conversations were intercepted). Although government agents must obtain a warrant, their requests for wiretaps are almost never turned down by judges or magistrates. In fact, only one request by law enforcement for an intercept has been rejected in the last eight years.

As will be explained below, all of this wiretapping has produced little in the way of results for law enforcement and yet the expansive surveillance capabilities being sought today through the control of encryption and digital telephony will give the government unprecedented access to all communications – with or without a warrant.

The Clinton Administration's anti-privacy position

The Clinton Administration has consistently ignored the privacy rights of all Americans against unauthorized interception or surveillance. Its public statements, regulations, legislative proposals and litigation positions all support significant curbs on the private sector's ability to use cryptography to protect electronic privacy.

Timeline

April 1993
The Clinton Administration unveils the "Clipper Chip," an encryption chip developed by the National Security Agency, and proposes legislation mandating its incorporation into all encryption products, giving the government access to all encrypted messages.

January 1994
Leading cryptography, security and networking experts issue a letter opposing Clipper Chip. The letter is followed by an Electronic Petition signed by over 50,000 people.

February 1994
The White House announces the adoption of the Clipper Chip. Attorney General announces that two U.S. Government entities will hold the escrowed key components. The Department of State issues its International Traffic in Arms Regulations (ITAR), designating cryptographic systems and software as "munitions" requiring a license before they can be imported or exported.

October 1994
President Clinton signs into law the Communications Assistance for Law Enforcement Act (CALEA), also called the National Wiretap Plan, or digital telephony, requiring telecommunications carriers to ensure that all of their equipment is wiretap-friendly. The industry goes along with the legislation only after the Administration pledges to seek $500 million from Congress to fund the program.

October 1995
The FBI files notice in the Federal Registry seeking the authority under CALEA to simultaneously monitor one out of every 100 telephone lines in "high crime areas" of the country, representing a 1,000-fold increase over previous levels of surveillance.

March 1996
Privacy legislation introduced in Congress. Rep. Goodlatte (R-VA) introduces the Security and Freedom Through Encryption Act, H.R. 3011. Sen. Leahy (D-VT) introduces Encrypted Communications Privacy Act, S. 1587. Senator Burns (R-MT) introduces S. 1726 to relax export controls.

May 1996
The Committee to Study National Cryptography Policy of the National Research Council issues its report, "Cryptography's Role in Securing the Information Society," which, among other things, warns that since "key recovery agents involve people...human vulnerabilities and weaknesses may lead to compromises of the system" which in turn could lead to "catastrophic losses for businesses." The Report also states that the encryption policy debate should not be held behind closed doors and that lawmakers do not need classified information to resolve the issue.

September 1996
Resolution in Support of the Freedom to Use Encryption endorsed by 15 international organizations urging the Organization for Economic Cooperation and Development (OECD) to "base its cryptography policies on the fundamental right of citizens to engage in private communication."

October 1996
Vice President Gore announces the Administration's intention to liberalize export controls for commercial encryption products for up to two years, but only if industry commits to build and market products that support key recovery.

Cryptographer Daniel Bernstein files suit against the State Department asking that the export control laws be struck down on First Amendment grounds.

December 1996
A federal district judge issues the first ruling in favor of Bernstein holding that ITAR – the government's encryption export regulations – are unconstitutional and violate the First Amendment.

104th Congress ends without passage of any bills.

March 1997
The Organization of Economic Cooperation and Development (OECD), an international body of 30 countries, issues guidelines rejecting key escrow encryption and endorsing strong privacy safeguards.

May 1997
A self-constituted group of eleven prominent cryptographers and computer scientists issue their final report, "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption," in which they conclude that the deployment of key-recovery-based encryption infrastructures to meet law enforcement's stated specifications will result in substantial sacrifices in security and greatly increased costs.

August 1997
Federal judge rules in Bernstein case that the export licensing requirements for encryption technology are unconstitutional. The government appeals.

September 1997
The FBI holds closed door meetings with the House and Senate National Security Committees to discuss law enforcement's opposition to the Security and Freedom Through Encryption Act (SAFE). As a result of the secret briefing, the key provisions of the bill are gutted and for the first time, the FBI admits that it is seeking control over domestic use of encryption.

November 1997
ACLU and other civil liberties groups petition the Federal Communications Commission to reconsider and put an end to the FBI's plans for expanded wiretapping capabilities under CALEA.

February 1998
The Global Internet Liberty Campaign (GILC) releases International Crypto Survey finding that most countries do not restrict the use of encryption.

The ACLU, Electronic Privacy Information Center (EPIC), Electronic Frontier Foundation (EFF) and Computer Professionals for Social Responsibility send a letter to Congress and comments to the Federal Communications Commission urging that the digital telephony plan CALEA – receive no funding and be re-evaluated in light of the FBI's bad faith in the plan's implementation. Privacy groups announce that the FBI has ignored Congressional limitations on its surveillance capabilities under the plan and has proposed far broader intercept authority than permitted by the Act.

Despite nearly universal condemnation by the civil liberties community and much of the scientific community, |6| this position on cryptography has remained essentially unchanged since 1993, when the adoption of the "Clipper Chip" plan was announced. The Clipper Chip proposal would have required every encryption user (that is, every individual or business using a digital telephone system, fax machine, the Internet, etc.) to hand over their decryption keys to the government, giving it access to both stored data and real-time communications. This is the equivalent of the government requiring all homebuilders to embed microphones in the walls of homes and apartments. Negative reaction to this proposal was fierce. A Time/CNN poll conducted soon after Clipper Chip was proposed found that 80 percent of the public opposed it. The Administration quickly withdrew the proposal and said the Clipper Chip would be a voluntary government standard.

Shortly thereafter, the Administration put forth "Clipper II," a scheme whereby anyone using encryption would have to leave the key with a government-approved "escrow agent," giving the government access to communications without the knowledge or consent of the sender. That too met with tremendous public opposition which, in turn, led to the "Clipper III," a program for key escrow that did not differ significantly from the earlier proposals.

According to encryption experts, the Administration's key escrow, trusted third-party and key recovery schemes all fatally compromise encryption's basic purpose in that they enable third parties to gain covert access to the plain-text of encrypted communications, and they require the existence of secret keys that cannot be sufficiently safeguarded from government and private abuse. |7|

In addition to Clipper Chip versions I through III, the Administration has also pushed for sweeping expansions of FBI wiretapping authority in numerous bills, including the anti-terrorism legislation passed in 1996. The Communications Assistance for Law Enforcement Act (CALEA) |8|, passed in 1994, is perhaps the best example of the Clinton Administration's disregard for telephone privacy rights. Passed over the vociferous objections of the ACLU and other privacy organizations, this massive FBI wiretapping scheme requires telecommunications carriers and manufacturers to build wiretap capabilities into the nation's communications systems. Unless Congress votes for a delay, CALEA is to be implemented by October 1998. Among the FBI's many demands is one that would require every cell phone to provide information about the location of users to police, in effect turning the telephone into a homing device.

All of this legislative activity has taken place against a backdrop of increased use of existing surveillance powers. In fact, the Clinton Administration set a record for most crime-related wiretaps in a year and for the most wiretaps placed for intelligence purposes.

The Administration has tried to minimize the civil liberties problems inherent in its various key recovery proposals, but its attempts to square the far reaching powers it is seeking with the requirements of the Fourth Amendment are ahistorical and fundamentally flawed.

On June 26, 1997 the House International Relations Committee held a closed briefing session on the subject of encryption. |9| Present at the briefing was FBI Director Louis Freeh, who laid out the Administration's position in response to SAFE Act sponsor Rep. Robert Goodlatte's concerns that key escrow requirements violated the Fourth Amendment:

"We are asking to maintain the balance of the Fourth Amendment. For 200 years the framers and every Congress thereafter has balanced protection of privacy with the legitimate need for police under strict probable cause limits with court orders to do search and seizure. The bills that are being proposed [SAFE Act] will dramatically shift that balance for the first time in 200 years. What it means is that with probable cause, the judge signs the order for me to access the conversations, but I cannot understand it...because no one has...required that there be some key safely placed somewhere, only attainable with a court order. That dramatically changes the balance of the fourth amendment to the detriment of public safety."

Freeh is wrong on several counts.

What the framers had in mind when they adopted the Fourth Amendment

The Fourth Amendment |10| was adopted in direct response to the English Parliament's practice of giving colonial revenue officers complete discretion to search for smuggled goods by means of writs of assistance. The writs permitted colonial authorities, including British troops, to enter homes and offices at will and search any person or place they wanted. The early Americans rebelled against these general searches, and on the eve of the Declaration of Independence, Samuel Adams said he regarded the opposition to general searches as "the Commencement of the Controversy between Great Britain and America." It is fair to say that absolute protection from general government searches is one of this country's founding principles.

When the framers struck the original balance between personal privacy and the needs of law enforcement, remote listening devices had not yet been invented. But it is clear that had they existed, the framers would not have approved of them. By definition, electronic surveillance constitutes a general search, not a search limited to specific objects, people and places as required by the Fourth Amendment. Wiretapping, bugs, and keys to encrypted messages intrude on the most intimate aspects of human life. They hear/see everything and everyone, indiscriminately. Like vacuum cleaners, they sweep up all the details of innocent and often intimate private conversations. A tap on the phone of one person necessarily captures the conversations of anyone who happens to use that phone or call that number. |11| Unlocking one person's encryption code subjects all who electronically communicate with that person to government surveillance. Even obtaining a court warrant does not fix this problem. Electronic eavesdropping cannot be regulated by a warrant precisely because of its dragnet quality; the object to be seized or the premises to be searched cannot be limited or even specified, because it is in the very nature of the technology to catch everything.

The Clinton Administration does not want to maintain the original balance of the Fourth Amendment; it prefers the "balance" struck by the United States Supreme Court many years after the Amendment was adopted. In 1927, during the height of federal enforcement of National Alcohol Prohibition, the Court attempted to come to grips with electronic eavesdropping for the first time. Roy Olmstead, a bootlegger convicted entirely on the basis of evidence from wiretaps, argued before the Court that a search had been conducted without a warrant and without probable cause in violation of his Fourth Amendment rights. In a 5-4 opinion, the Court ruled that a physical entry (a "trespass") must be committed before the Fourth Amendment's protection could be invoked. Since the wiretaps were physically placed outside Olmstead's home, the Court reasoned, there was no government intrusion and therefore no Fourth Amendment protection. The Olmstead decision defined the law for forty years, and during that period, the government was able to engage in virtually unrestricted electronic spying. |12|

The Olmstead case, by a narrow 5-4 margin, destroyed the original balance of the Fourth Amendment, but it was also the occasion for Justice Louis D. Brandeis' prescient dissent in which he warned that, "The progress of science in furnishing the government with means of espionage is not likely to stop with wire-tapping." Brandeis wrote that because wiretaps indiscriminately pick up every conversation within their reach, they constitute the kind of general search prohibited outright by the Fourth Amendment, and that even a warrant requirement would not give sufficient protection. Unfortunately for our privacy rights, Brandeis' dissent has never been adopted by the Court, although it did overrule its Olmstead decision in 1967 when it belatedly recognized that the Fourth Amendment applied to wiretapping and electronic spying (Katz v. U.S.). Nonetheless, Justice Brandeis' account of the framer's intentions is right on the mark:

"The makers of our Constitution...sought to protect Americans in their beliefs, their thoughts, their emotions and their sensations. They conferred as against the Government, the right to be let alone – the most comprehensive of the rights of man and the right most valued by civilized men."

Cryptography can help shift the balance of the Fourth Amendment back to what the framers originally intended. And that is what the FBI is against.

Non-key recovery systems are not detrimental to law enforcement

FBI Director Freeh, Attorney General Reno and others in the Administration have issued dire predictions about the detriment to law enforcement should strong non-key escrow encryption proliferate: e.g., "With unbreakable non-key recovery encryption proliferated, we will be out of the public safety business." |13| Or, "Let there be no doubt: without encryption safeguards [i.e., key recovery systems] all Americans will be endangered." |14| Such predictions are to be expected from government officials who want the power to spy; but are they based on fact or hyperbole?

In fact, the government's own records show that electronic surveillance is of marginal utility in preventing or solving serious crimes. In the past eleven years, fewer than 0.2 percent of all law enforcement wiretap requests were made in the investigation of bombings, arson or firearms. Wiretapping did not stop, nor did it lead to the apprehension of, the Unabomber, Timothy McVeigh, or the World Trade Center bombers. Those crimes were solved by good detective work. Wiretapping is hardly ever used in those types of crimes or in other serious crimes of violence, such as homicide, assault, rape, robbery, and burglary. Instead, the vast majority of wiretaps and other forms of surveillance have been authorized in connection with vice crimes, like gambling and drug offenses – 83 percent in the past eleven years.

Electronic surveillance is of marginal utility to the protection of public safety, but it has resulted, and will continue to result, in demonstrable violations of the privacy rights of vast numbers of innocent Americans. According to statistics released by the Administrative Office of the U.S. Courts and the Department of Justice, 2.2 million conversations were captured in 1996, of which a total of 1.7 million intercepted conversations were deemed not incriminating by prosecutors. These statistics are particularly egregious given the fact that, according to the same report, none of the wiretap orders were issued for investigations involving arson, explosives or weapons.

It is fair to say that electronic surveillance is of some value to law enforcement, just as any other investigative device is. But based on this country's long and well-documented experience with surreptitious government surveillance, it is a gross exaggeration to call it an "indispensable" tool. For serious crimes involving public safety, it is, in fact, rarely used.

Government surveillance through wiretapping has always picked up far more innocent conversations than incriminating ones, and, if anything, the problem has become worse in recent years because the government is asking for (and receiving) an ever-increasing number of court orders for electronic surveillance. In the past decade, the number of interceptions per year has more than doubled. This fact would, if widely known, undoubtedly prove to be highly discomforting to the public. Without strong encryption, the right to privacy will be in even greater peril.

Key recovery systems will increase computer-related crime

Ironically, the scientific community has concluded that key recovery systems weaken computer systems, making them even more vulnerable to hacker attacks. By overstating the utility of electronic surveillance in law enforcement, the Administration ignores cryptography's critical role in preventing crime and protecting national security. The already significant danger of computer-related crime will grow as more commerce moves online; an insecure communications infrastructure invites theft, blackmail, extortion and sabotage. Without strong encryption, these crimes will proliferate.

In response to the Administration's one-sided view, the National Research Council's Committee to Study National Cryptography Policy has pointed out that:

"If cryptography can protect the trade secrets and proprietary information of businesses and thereby reduce economic espionage (which it can), it also supports in a most important manner the job of law enforcement. If cryptography can help protect nationally critical information systems and networks against unauthorized penetration (which it can), it also supports the national security of the United States. |15|

Conclusion and Recommendations

During a time of relative domestic tranquility, it may be difficult for people to imagine the potential for mischief, corruption and repression inherent in a system that gives the government easy access to the private sector's communications infrastructure. Some will be lulled by the Administration's bland assurances that it will only act "under strict judicial controls" to "access information in critical public safety and law enforcement cases." |16| But history teaches otherwise, and we are not talking about ancient history.

Politically motivated electronic surveillance was rampant in this country all through the 1950's, 60's and 70's. |17| In the early 60's, Attorney General Robert Kennedy authorized taps on the home and office phones of Rev. Martin Luther King, Jr., and on the phones of the Student Nonviolent Coordinating Committee (SNCC). President Johnson ordered the FBI to conduct electronic surveillance on prominent critics of the Warren Commission Report and to place a bug in the store-front headquarters of civil rights leaders who had come to the 1964 Democratic Party Convention in Atlantic City. In an ill-fated effort to plug leaks of classified information to the media, the Nixon Administration maintained taps on government officials and news reporters over a twenty-month period beginning in May 1969 (the "Kissenger taps"). |18| This culture of promiscuous government surveillance set the stage for the Watergate break-in and cover-up. During this same period, local police departments also engaged in their fair share of lawless surveillance, much of it never detected.

The very human temptation to pry into one another's secrets should give us great pause before we hand over our encryption keys to strangers – government or otherwise. We are now at a historic crossroads: we can use emerging technologies to protect our personal privacy, or we can succumb to scare tactics and to exaggerated claims about the law enforcement value of electronic surveillance and give up our cherished rights, perhaps – forever.

The American Civil Liberties Union believes that the best way to protect privacy and safety in a digital environment is by encouraging the development of the strongest encryption products, for both domestic and international use. We remain convinced that any encryption restrictions that require the use of a key escrow management scheme pose a greater threat to personal and national security and make computer systems more vulnerable to surreptitious intrusions.

The ACLU recommends the adoption of a national encryption policy that:

- removes existing U.S. export restrictions on encryption products;

- removes criminal penalties for the use of encryption and avoids the creation of new crimes that are based solely on the use of technology;

- preserves the right of all Americans to use encryption for domestic and international purposes;

- does not condition the right to use encryption on the preservation of keys for third-party and government access.

Only by adhering to the above principles can we ensure that Big Brother will not be permanently in the wires.


[Source: American Civil Liberties Union, New York, 01Mar1998]


Notes:

1. One commentator has observed, "the ease with which electronic mail messages can be intercepted by third parties means that communicating by public electronic mail systems, like the Internet, is becoming almost as insecure as talking in a crowded restaurant." A. Michael Froomkin, The Metaphor is Key: Cryptography, the Clipper Chip, and the Constitution, 143 U. Pa. L. Rev. 709, 724 (1995). [Back]

2. A famous historic example archived at the Library of Congress includes private letters exchanged between Thomas Jefferson and James Madison that used cryptographic codes to preserve the confidentiality of their communications before the signing of the Declaration of Independence. U.S. Congress, Office of Technology Assessment, Information Security and Privacy in Network Environments, OTA-TCT-606 (Washington, D.C.: U.S. Government Printing Office, September 1994), at 112.1. [Back]

3. A Note From the Chair, in the National Research Council's report Cryptography's Role in Securing the Information Society, National Academy Press, 1996; emphasis added. [Back]

4. Letter from Attorney General Janet Reno to Members of Congress, dated July 18, 1997. [Back]

5. Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which permits law enforcement electronic surveillance under court order, requires that records be maintained that show how many taps were authorized, for what purpose they were authorized, how many conversations and people were overheard, and how many interceptions led to arrests and convictions. See generally, Bruce Schneier and David Banisar, Electronic Privacy Papers, 1997, Ch. 10 which contains reprinted copies of declassified executive branch documents obtained by the Electronic Privacy Information Center under the Freedom of Information Act. These documents include detailed discussions of the increased use of surveillance and insight into the government's desire for enhanced capabilities. [Back]

6. See, e.g., the May 1997 report issued by a self-constituted group of eleven prominent cryptographers and computer scientists, entitled, The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption. [Back]

7. Howard Abelson, Ross Anderson, et.al., The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption, Final Report, May 27, 1997, at 4. This report concluded that key recovery systems are inherently less secure, more costly and more difficult to use than similar systems without a recovery feature. Key recovery degrades many of the protections available from encryption, such as absolute control by the user over the means to decrypt data. Id. at 8. [Back]

8. The Communications Assistance for Law Enforcement Act, Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified as amended in sections of 18 U.S.C. and 47 U.S.C.), also known as the Digital Telephony Act. [Back]

9. A declassified and redacted transcript of the closed briefing session was obtained by Netlynews, an online reporting service, pursuant to the Freedom of Information Act. See http://www.netlynews.com. [Back]

10. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." [Back]

11. An early study of the wiretapping practices of the New York City police department showed that in the course of tapping a single telephone, the police recorded conversations involving at the other end, the Julliard School of Music, Brooklyn Law School, Western Union, a bank, several restaurants, a drug store, a real estate company, many lawyers, a health club, and the Medical Bureau to Aid Spanish Democracy. In Alan Westin, The Wiretapping Problem (1952), cited in The Wiretapping Problem Today, an American Civil Liberties Union report (1962). [Back]

12. In 1934, Congress passed the Communications Act which prohibited the interception of any communication, and the divulgence or use of such communication. This was construed by the Supreme Court in 1937 to prohibit wiretapping (Nardone v. U.S.). Three years later, however, under wartime pressure, the Justice Department declared that the law permitted unrestricted tapping so long as the information obtained from the tap was not disclosed outside the Justice Department. Both Presidents Roosevelt and Truman authorized extensive wiretapping during their terms of office. [Back]

13. FBI Director Louis J. Freeh, closed briefing, see fn.9. [Back]

14. Attorney General Janet Reno, letter to Members of Congress dated July 18, 1997. [Back]

15. National Research Council report, op.cit. at 21. See also, G.A. Keyworth, II and David E. Colton, The Progress and Freedom Foundation, The Computer Revolution, Encryption And True Threats to National Security, (June 1996). [Back]

16. FBI Director, closed briefing, see fn.9. [Back]

17. These events are documented in Frank J. Donner's The Age of Surveillance, Alfred A. Knopf, Inc. (New York, 1980). [Back]

18. It was through a tap on the telephone of National Security council staffer Morton Halperin that the government learned that Daniel Ellsberg was planning to release the Pentagon Papers to the press. In May 1973, Ellsberg's indictment was dismissed on the grounds of prosecutorial misconduct, including the government's failure to inform the court that Ellsberg had been overheard through a wiretap. [Back]


Bookshop Donate Radio Nizkor

Privacy and counterintelligence
small logoThis document has been published on 02Jan18 by the Equipo Nizkor and Derechos Human Rights. In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes.